Total
4388 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6712 | 1 Cisco | 1 Elastic Services Controller | 2025-04-20 | N/A |
| A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634. | ||||
| CVE-2017-6714 | 1 Cisco | 1 Ultra Services Framework Staging Server | 2025-04-20 | N/A |
| A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673. | ||||
| CVE-2017-6970 | 2 Alienvault, Nfsen | 3 Ossim, Unified Security Management, Nfsen | 2025-04-20 | N/A |
| AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | ||||
| CVE-2017-6182 | 1 Sophos | 1 Web Appliance | 2025-04-20 | N/A |
| In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | ||||
| CVE-2017-6223 | 1 Ruckus | 2 Zonedirector, Zonedirector Firmware | 2025-04-20 | N/A |
| Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system. | ||||
| CVE-2017-6320 | 1 Barracuda | 1 Load Balancer Adc | 2025-04-20 | 8.8 High |
| A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. | ||||
| CVE-2017-6359 | 1 Qnap | 1 Qts | 2025-04-20 | N/A |
| QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. | ||||
| CVE-2017-6360 | 1 Qnap | 1 Qts | 2025-04-20 | N/A |
| QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. | ||||
| CVE-2017-6361 | 1 Qnap | 1 Qts | 2025-04-20 | N/A |
| QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2017-6597 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2025-04-20 | N/A |
| A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). | ||||
| CVE-2017-6600 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2025-04-20 | N/A |
| A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. | ||||
| CVE-2017-6087 | 1 Eonweb Project | 1 Eonweb | 2025-04-20 | N/A |
| EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php. | ||||
| CVE-2017-5173 | 1 Geutebrueck | 2 Ip Camera G-cam Efd-2250, Ip Camera G-cam Efd-2250 Firmware | 2025-04-20 | 9.8 Critical |
| An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. | ||||
| CVE-2017-5255 | 1 Cambiumnetworks | 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more | 2025-04-20 | N/A |
| In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root. | ||||
| CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2025-04-20 | N/A |
| ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | ||||
| CVE-2017-3761 | 1 Lenovo | 1 Service Framework | 2025-04-20 | N/A |
| The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution. | ||||
| CVE-2017-4053 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-20 | N/A |
| Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | ||||
| CVE-2017-3506 | 1 Oracle | 1 Weblogic Server | 2025-04-20 | 7.4 High |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2017-3796 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | N/A |
| A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6. | ||||
| CVE-2017-3806 | 1 Cisco | 1 Firepower Threat Defense | 2025-04-20 | N/A |
| A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101). | ||||